Files
sure/.github/workflows/pipelock.yml

37 lines
1.0 KiB
YAML

name: Pipelock Security Scan
on:
pull_request:
branches: [main]
permissions:
contents: read
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
fetch-depth: 0
persist-credentials: false
- name: Pipelock Scan
uses: luckyPipewrench/pipelock@818ca0a7af4dbcd56ada7fa57e2dc32f9e799e34 # v2.8.0
with:
version: '2.8.0'
scan-diff: 'true'
fail-on-findings: 'true'
test-vectors: 'false'
exclude-paths: |
.env.example
compose.example.yml
compose.example.ai.yml
config/locales/views/reports/
docs/hosting/ai.md
app/models/provider/binance.rb
workers/preview/package-lock.json
# Preview Dockerfile uses local dev credentials (rails/rails) that are
# not real secrets; Dockerfile format does not support inline # pipelock:ignore
Dockerfile.preview